SECURITY PROTECTION FOR DATA COMMUNICATION

Field of the Invention

The present invention relates to protocols for communication of data messages between electronic apparatuses. More particularly, the present invention relates to a method for providing authentication and integrity protection when a synchronization protocol for data communication is utilized for communication of data between e.g. a client and a server. Also, the present invention relates to a server and client adapted to provide authentication and integrity protection according to the method of the invention.

Description of the Related Art

In some situations it is preferred to communicate data between a client and a server using a standardized synchronization protocol. By utilizing the synchronization protocol it is possible to provide data communication between electronic apparatuses from different manufacturers. With the SyncML initiative a standardized data synchronization protocol is provided, which facilitates communication of data between user apparatuses of different manufacturers. Examples of a client as disclosed above are an electronic communication apparatus such as a mobile telephone, a pager, an electronic organizer, a smartphone or the like.

One example of a situation where this possibility is useful is when a device management session is to be established between an apparatus and a server using a synchronization protocol such as e.g. SyncML (SyncML-DM (SyncML Device Management) or SyncML-DS (SyncML Data Synchronization)). If there are any problems with the apparatus it can be connected to the server through a wired or wireless communication link. By connecting the apparatus to the server, a remote repairer can get access to the apparatus through the connection. However, the repairer may want to authenticate the apparatus before he/she starts repairing the apparatus. Also, in another situation the apparatus may need to verify an authentication made by a repairer to avoid unauthorized access to the user apparatus by a third party, such as a hacker.

Further, in many situations it is also preferred to provide integrity protection of the data sent between the communication apparatus and the server.

In the SyncML-DM specification the following security mechanisms are specified:

• Server authentication
• Client authentication
• Integrity protection
• (Confidentiality)

In the known art security protection, i.e. said security mechanisms, is based on the use of a combination of transport level and SyncML level security as indicated in Table 1 of Fig. 3, which shows security mechanisms per protocol layer. As should be noted, confidentiality is mentioned in the SyncML specification. However, it is not a requirement for SyncML-DM.

From Table 1 of Fig. 3 it can be concluded that there are strong requirements for client authentication and integrity protection at SyncML level, since there are scenarios where there are no alternatives, such as with the SyncML protocol combined with an OBEX transport protocol and a cable or IrDA bearer layer. Also, server authentication and confidentiality are useful but not essential.

Presently, the SyncML specification specifies an authentication protocol that can be used for both client and server authentication.

The main problem with SyncML security is that it is based on a combination of username and password. This has two major disadvantages: it gives weak security and it forces the user to handle yet another password. Also, it is difficult to generate good integrity protection keys from a password, as the entropy of a password is too small. 40-128 random bits is normal for generating a good integrity key. Using a password, this would require 50-70 symbols in a password typed on a keyboard to derive a sufficient amount of random bits.

Summary of the Invention

It is an object of the invention to provide a flexible method for providing at least client authentication when a synchronization protocol such as SyncML-DM/DS is utilized for communicating messages between the client and a server. More specifically, it is an object of the invention to provide client authentication in a more flexible manner than previously known, wherein neither username nor password is necessary. Yet another object is to execute client authentication based on the specific authentication capabilities of the client. Also, it is an object of the invention to provide integrity protection, in addition to authentication, using good integrity protection keys. It is preferred to render possible the use of a number of different known authentication methods with the synchronization protocol. Finally, it is an object of the invention to also provide server authentication in addition to client authentication and integrity protection.

The above objects are achieved in that an authentication protocol of the synchronization protocol is utilized for providing an authentication method indicator (AMI). The AMI is incorporated in a meta command of the synchronization protocol for indicating the specific type of authentication method used in each particular case. The authentication method may be preset, or individually determined by the server based on an initialization message sent by the apparatus for indicating e.g. its authentication capabilities and establishing a connection. Any data relating to the determined authentication method are incorporated in a data string of the protocol when messages are communicated.

According to the invention, it is a further object to provide a client, such as an electronic communication apparatus, adapted to provide at least client authentication when the synchronization protocol is used for communicating messages to the server.

According to the invention, the above objects are achieved by an electronic communication apparatus adapted to indicate e.g. its authentication capabilities to the server in an initialization message. Further, the apparatus is adapted to execute authentication according to the authentication technique indicated by the AMI of a message received from the server. Also, the apparatus is adapted to generate a response to the message to be transmitted to the server. For providing integrity protection, the apparatus is adapted to generate good integrity protection keys according to the indicated method.

A further object of the invention is to provide a server adapted to provide at least client authentication using any of a number of known authentication techniques based on the authentication capabilities of the apparatus.

The above objects are achieved by a server adapted to receive the initialization message (for client authentication) or send an initialization message (for server authentication). The server is adapted to determine the specific authentication method to be used based on the authentication capabilities of the apparatus. Further, the server is adapted to execute authentication according to the determined authentication method or according to a preset authentication method, which is indicated in the AMI of the message. Also, the server is adapted to incorporate any authentication data relating to the specified authentication method in a data string of the message. To provide integrity protection, the server is adapted to generate an IK according to the authentication method/scheme used.

A further aspect of the invention is to utilize good integrity keys (IK) generated by the server and client, respectively, which will provide integrity protection in addition to authentication. The integrity key is generated according to the authentication scheme used, or separately by the server or the client. The authentication method/scheme may be GSM SIM, UMTS USIM, SecurID, SafeWord, WPKI, WIM, etc. Further, USIM authentication has the advantage of providing mutual authentication, i.e. server authentication and client authentication in addition to integrity protection.

The method according to the invention has the advantage of being flexible, as more than one authentication method may be used when the SyncML-DM/DS protocol is utilized for transmitting data messages between the apparatus and the server. Also, no user name or user identity is necessary for carrying out client and/or server authentication. Further, good integrity keys may be derived from the authentication scheme to provide integrity protection independently from any user name or user id. By utilizing the method of the invention, anti-replay protection may be provided without the need for synchronized counters in both client and server.

Further preferred features of the invention are defined in the dependent claims.

It should be emphasized that the term "comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps, components or groups thereof.

Brief Description of the Drawings

Preferred embodiments of the present invention will now be described in more detail with reference to the accompanying drawings, in which:

Fig. 1 shows a mobile telephone connected to a number of servers, which are adapted to provide authentication according to the invention;

Fig. 2 is a flow chart of an exemplifying authentication process according to the invention;

Fig. 3 is a table showing security mechanisms per protocol layer;

Fig. 4 illustrates variables and the message flow between an electronic user equipment and a server in a SIM authentication scenario; and

Fig. 5 illustrates variables and the message flow between an electronic user equipment and a server in a USIM authentication scenario.

Detailed Description of Embodiments

The present invention provides a method for client authentication and integrity protection of communicated data between e.g. a client, such as an electronic user apparatus, and a server when a standardized synchronization protocol such as SyncML-DM/DS is used.

A mobile telephone 1 is an example of an electronic user apparatus. For convenience, reference will therefore be made to a mobile telephone 1 throughout this description. However, this is only for exemplifying purposes and is not considered to limit the scope of the invention.

An exemplary mobile telephone 1 comprising in a normal fashion a display 10, a keypad 11, a loudspeaker 12 and a microphone 13 is shown in Fig. 1. The components together form a man-machine interface, through which a user of the mobile telephone 1 may interact with and operate the mobile telephone 1. Further, the mobile telephone 1 comprises an antenna 14 for establishing a wireless communication link 20 with a mobile telecommunication network 21. The mobile telecommunication network 21 may e.g. be a GSM network ("Global System for Mobile communications") or a UMTS network ("Universal Mobile Telephone System"). The mobile telephone 1 is adapted to communicate data through the mobile telecommunication network 21 using a standardized synchronization protocol such as SyncML-DM/DS. Data can be communicated through a wire based or wireless connection 30 between the mobile telephone 1 and a server 31 connected to the telecommunication network 21.

Moreover, the mobile telephone 1 of the embodiment shown in Fig. 1 comprises an infrared interface 15, such as an IrDA port, by means of which the mobile telephone 1 may be connected through an infrared link 40 to a second server 41 for communicating data using a synchronization protocol, such as SyncML-DM/DS.

The mobile telephone 1 also comprises a system or accessories connector 16, by means of which the mobile telephone 1 may be connected, through e.g. a serial cable 50, to a third server 51, for communicating data using a synchronization protocol, such as SyncML-DM/DS.

Additionally, the mobile telephone 1 comprises a second antenna 17 for establishing a short-range radio link 60, such as a Bluetooth link, to a fourth server 61, for communicating data using a synchronization protocol.

As is understood, not all mobile telephones 1 of the invention have all the above mentioned communication possibilities for communicating data, but can have one or more in different embodiments. Also, the server may be embodied as a PC (personal computer), or another electronic user apparatus adapted to communicate data according to a synchronization protocol, such as SyncML-DM/DS.

At SyncML level of data transmission between the mobile telephone 1 and the server 31, 41, 51, 61, authentication is provided by utilizing the SyncML-DM/DS protocol for carrying information of the authentication method to be used, such as SIM/USIM authentication, which will be further disclosed below. According to the invention, a number of different authentication methods may be utilized when the SyncML-DM/DS protocol is used for communicating messages. The authentication method to be used is specified according to the same principles as in the existing SyncML-DM/DS authentication protocol, although in a much more flexible manner. For signaling the authentication method being used, an authentication method indicator (AMI), sometimes referred to as the mechanism, is provided when the SyncML-DM/DS protocol is utilized. The AMI substitutes the authentication directive of the meta command of the conventional SyncML-DM/DS protocol when data is communicated according to the SyncML-DM/DS protocol. Further, any data relating to the specific authentication method utilized is incorporated in a data string of the message sent according to the SyncML-DM/DS protocol.

In one embodiment of the invention GSM SIM or UMTS USIM authentication and integrity protection is utilized. This provides authentication of the mobile telephone 1 and integrity protection of data sent between said telephone 1 and the server 31, 41, 51, 61. Also, USIM authentication provides the additional possibility of server authentication. As should be noticed, other authentication techniques are equally well possible as the authentication method, such as PKI based schemes, e.g. WPKI and WIM, and proprietary authentication token technology, e.g. SecurID or SafeWord.

The AMI is a variable indicating the algorithm(s) used to produce the message digest of the message being sent using the SyncML-DM/DS protocol, and the specific authentication method that is to be used. The value of the AMI depends on the authentication method used. As is indicated above, the mobile telephone 1 may be adapted to execute authentication according to one or more authentication methods.

In the following, an exemplary embodiment according to the invention will be presented, wherein the message flow between the mobile telephone 1 and the server 31, 41, 51, 61 is disclosed. In the exemplary embodiment, SIM/USIM authentication and integrity protection will be described with reference to Figs. 2, 4 and 5.

At a first step 100 of Fig. 2, an initializing message, indicated as "Initial L3 message" in Figs. 4 and 5, is sent from the mobile telephone 1 to the server 31, 41, 51, 61. The general purpose of the initialization message is to establish a connection between the mobile telephone 1 and the server 31, 41, 51, 61. Also, said message may comprise other information, such as information of the type of device that sent the initialization message, and the identity of the mobile telephone 1 such as IMSI (international mobile subscriber identity) and Ki (subscriber authentication key). The AMI, or a list of AMIs for indicating more than one authentication capability, can be incorporated in the initialization message for indicating the authentication capabilities of the mobile telephone 1. As should be noted, the server 31, 41, 51, 61 may also initiate the establishing of a connection between said server and the mobile telephone 1. This is executed in that the server 31, 41, 51, 61 transmits a server initialization message to the mobile telephone 1, whereupon said telephone 1 transmits the initialization message when the server initialization message is received.

Depending on e.g. the type of device sending the first message, the type of data bearer and the transport protocol, the server 31, 41, 51, 61 determines at step 101 the security level and the type of security mechanism, such as SIM/USIM authentication, to be used. However, the security mechanism may equally well be preset, wherein the server 31, 41, 51, 61 does not need to determine the authentication capabilities of the mobile telephone 1. In this embodiment, the server 31, 41, 51, 61 determines that a mobile telephone 1 capable of performing SIM/USIM authentication sent the message. Therefore, the server 31, 41, 51, 61 starts SIM/USIM authentication at 102 by transmitting an authentication request comprising the subscriber identity (IMSI, Ki) to an AUC (authentication center) for deriving authentication variables (AVs), possibly via a home location register (HLR). Based on the IMSI, the AUC generates authentication data, such as a challenge, which in this embodiment is a random number, or obtains a stored challenge based on the IMSI. Also, the AUC generates an XRES (expected result) based on the challenge and the Ki, or obtains a stored XRES by means of the IMSI. The XRES will be used in a later step for finalizing the authentication.

In an alternative embodiment, the AUC also generates a CK/IK (cipher key/integrity key) based on the Ki and the challenge, which can be stored together with the XRES and the authentication data at the AUC and/or the server 31, 41, 51, 61 and utilized for integrity protection.

At step 103, the authentication data, XRES and CK/IK are then transmitted to the server, which is adapted to transmit the authentication data to the mobile telephone 1 in the data string of the message according to the SyncML-DM/DS protocol. Also, the value of the AMI, indicating the type of security mechanism used for generating the authentication data, XRES and CK/IK for authentication and integrity protection, i.e. SIM/USIM authentication in this embodiment, is incorporated into the message sent to the mobile telephone 1, as disclosed above.

After receiving the AMI and the authentication data, the mobile telephone determines the authentication method to be used by evaluating the AMI and performs the steps necessary according to the specific authentication method to create a response to be sent to the server 31, 41, 51, 61. Alternatively, the authentication method may be predetermined. As the steps necessary for executing SIM/USIM authentication at the mobile telephone 1 form no essential part of the invention per se, they will only be disclosed briefly in the following.

In the exemplifying embodiment, the mobile telephone 1, at step 104, generates a response by transmitting the authentication data to the SIM/USIM of the mobile telephone 1. The SIM/USIM generates, based on the Ki of the subscription stored on the SIM/USIM and the authentication data, a response corresponding to the XRES stored in the server.

In an alternative embodiment, integrity protection is also provided at step 105 if required. For this a shared secret key is required. In the embodiment where SIM/USIM is used as the authentication scheme, integrity protection using the CK/IK as good integrity keys is possible. Therefore, the mobile telephone 1 requests a CK/IK from the SIM/USIM, which generates a second integrity key based on the Ki and the value of the authentication data. Consequently, executing an authentication procedure, such as the GSM authentication procedure or the UMTS AKA, which per se are believed to be known to the man skilled in the art, provides the CK/IK. As is also understood, the CK of GSM authentication is used as an integrity key correspondingly to the IK of UMTS authentication.

A hashing function, such as SHA-1 or MD5, can be utilized by the mobile telephone 1 for the integrity protection in the alternative embodiment. A value of a MAC parameter is computed as per RFC2104, with SHA-1 as its hashing function. However, other hashing functions may also be used according to the method of the invention. The computation of the MAC value relies upon the use of a shared secret (or key). Therefore, according to the invention, the CK/IK generated by the SIM/USIM is utilized for the integrity protection, as is well known in the art. Also, an HMAC is computed on the entire SyncML-DM/DS message. Each SyncML-DM/DS message is constructed as normal; upon completion of the message the HMAC is computed. During transmission of the message the HMAC is located in a header of the transport protocol, e.g. HTTP, WAP or OBEX, called x-syncml-hmac.

When the response is derived, and possibly the MAC and HMAC, the response is incorporated in the data string of the SyncML-DM/DS authentication protocol. Also, the AMI indicates the authentication method used, and the response message is transmitted from the mobile telephone 1 to the server 31, 41, 51, 61 at step 107. Upon reception, the server 31, 41, 51, 61 at step 108 begins the integrity control and finalizes authentication according to the authentication method specified by the AMI.

For finalizing the authentication according to SIM/USIM authentication, the server 31, 41, 51, 61 compares the response value with the value of the stored XRES for authentication control. If integrity protection is provided, the server also generates a MAC value based on the response message and the CK/IK received from the AUC, to be compared with the value of the MAC sent in the data string of the SyncML-DM/DS protocol. As integrity protection per se is not an essential part of the invention, the generation of MAC values and the comparing of said values is not further disclosed here.

If USIM authentication is utilized, the mobile telephone 1 may transmit a user authentication reject to the server 31, 41, 51, 61 if the authentication fails, as is indicated in Fig. 5.

In an alternative embodiment, the use of USIM authentication also provides the possibility of server authentication in addition to client authentication. The difference between the embodiment providing server authentication and the embodiments described above is that an additional server authentication variable AUTN (authentication token) is generated by the authentication center in addition to the challenge, CK/IK and XRES. The AUTN variable will be transmitted to the mobile telephone 1 in the data string of the message incorporating the authentication data. Also in this embodiment the AMI is used for indicating the type of authentication method utilized. When the mobile telephone 1 receives the AUTN variable, it will pass it on to the USIM, which will perform server authentication in addition to generating the response.

In other embodiments of the invention, other authentication techniques can be utilized, which will be indicated by different AMI values comprised in the message, as set out above. In each embodiment, the authentication data necessary for performing authentication, such as certificates or codes, can be transmitted from the server 31, 41, 51, 61 to the mobile telephone 1 by utilizing the data string of the message sent according to the SyncML-DM/DS protocol.

In the following, PKI based WIM authentication and integrity protection will be described briefly. In WIM authentication the initialization message is sent from the mobile telephone 1 to the server 31, 41, 51, 61, correspondingly to SIM/USIM authentication. Then the server determines, if necessary, the capabilities of the mobile telephone, wherein WIM authentication is determined as the authentication method to utilize. Then, the server generates the AMI and a challenge to be transmitted to the mobile telephone according to the same principles as have been described above. When the mobile telephone 1 receives the authentication parameters, i.e. the AMI and the challenge, the mobile telephone 1 transmits the challenge to the WIM of the mobile telephone 1, which as a result generates a response in the form of a certificate, which is stored in the WIM. A certificate authority, as is well known to the man skilled in the art, issues the certificate. The response is then transmitted to the server according to the same principles as in the previous embodiments. The result may be encrypted using a public key of the server. Finally, when the server receives the result, said server will if necessary decrypt the message using the private key of the server 31, 41, 51, 61 and authenticate the response (certificate) by transmitting an authentication request to a certificate authority (CA).

In the authentication procedure, the server 31, 41, 51, 61 will derive the public key of the mobile telephone 1 from the CA. The public key of the mobile telephone may be utilized for providing integrity protection if preferred. If so, the server 31, 41, 51, 61 will generate a good IK based on random numbers, which is incorporated in a message encrypted using the public key of the mobile telephone 1. A hashing algorithm, as described above, is used on the encrypted message, whereupon the message is encrypted with the private key of the mobile telephone. The mobile telephone 1 will receive the encrypted message and decrypt it using the public key of the server, a hashing algorithm and the private key of the mobile telephone 1 for finalizing the integrity protection.

There are other possibilities for integrity protection when WIM based authentication is utilized. One example is to provide the encrypted IK together with the challenge in the data string of the first message sent from the server 31, 41, 51, 61 to the mobile telephone 1.

As is mentioned above, SafeWord and SecurID are also possible to use as the authentication method. These methods may be used according to the same principles as described in relation to the above embodiments and according to the following dependent and independent claims. Therefore, these authentication methods will not be described in any further detail, as messages will flow between the mobile telephone 1 and the server 31, 41, 51, 61 using the SyncML-DM/DS protocol having an AMI for indicating the authentication method and a data string for carrying any authentication data.

As an option, the authentication data can be used to prevent replay attacks. In 3GPP the server 31, 41, 51, 61 can e.g. use the equivalent of the AKA FRESH parameter as the value of the authentication data. This value, together with the parameters nonce and count, is used for full anti-replay protection.

The method has been described as providing an authentication method indicator (AMI) and utilizing a data string for carrying authentication data, which relates to the specific authentication method used, in a message to be sent according to a synchronization protocol, such as the SyncML-DM/DS protocol. However, it should be noted that the method is not limited to the SyncML-DM/DS protocol. It is equally well possible to implement the method of the invention also below the SyncML layer, in transport protocols such as HTTP or OBEX.

CLAIMS

1. A method for providing authentication when messages are sent between an electronic communication apparatus (1) and a server (31, 41, 51, 61) according to a synchronization protocol, characterized in that an authentication method indicator (AMI) is incorporated in an authentication protocol of the synchronization protocol, wherein said AMI specifies an authentication method according to which the authentication is executed.

2. The method according to claim 1, wherein the AMI is incorporated in the meta command of the synchronization protocol and based on the authentication capabilities of the apparatus (1).

3. The method according to claim 1 or 2, wherein at least one authentication capability of the electronic communication apparatus is indicated in an authentication method list of an initialization message sent to the server (31, 41, 51, 61) for establishing a connection.

4. The method according to any of the previous claims, wherein any authentication data relating to the specified authentication method is incorporated in a data string of the synchronization protocol.

5. The method according to any of the previous claims, wherein the specified authentication method is GSM SIM authentication.

6. The method according to any of the claims 1-4, wherein the specified authentication method is UMTS USIM authentication, which also provides server authentication.

7. The method according to any of the claims 1-4, wherein the specified authentication method is WPKI or WIM authentication.

8. The method according to any of the claims 1-4, wherein the specified authentication method is SecurID or SafeWord authentication.

9. The method according to any of the claims 3-7, wherein the server (31, 41, 51, 61) determines the authentication capabilities of the electronic communication apparatus (1) based on the at least one authentication method listed in the authentication method list.

10. The method according to claim 9, wherein the server (31, 41, 51, 61) executes any necessary authentication steps according to one of the at least one authentication methods indicated in the authentication method list, and prepares and transmits a message to the electronic communication apparatus (1), comprising the AMI and any authentication data relating to the specified authentication method, in the data string of the message.

. 11. The method according to claim 10, wherein the 
25 electronic . communication apparatus (1) receives the 
message, executes any necessary authentication steps 
according to the authentication method indicated by the AMI 
to generate an expected result, and prepares and transmits 
a tesponse to the server, comprising the AMI, .and any 
authentication data in the data string of the message. 



12. The method according to any of the claims 1-6 and
9-11, wherein integrity protection is provided by utilizing
CKs/IKs (cipher keys/integrity keys) generated by the
electronic communication apparatus (1) and the server (31,
41, 51, 61), respectively, when SIM/USIM authentication is
executed, which CK/IK is used for generating MAC values and
using a hashing function for computing a HMAC on the entire
message to be sent.

13. The method according to any of the claims 7 or
9-11, wherein integrity protection is provided in that the
server generates a good integrity key, which is encrypted
with the public key of the electronic communication
apparatus (1), which is generated during the authentication
procedure, said integrity key is sent to said apparatus
(1), and utilized for generating MAC values and using a
hashing function for computing a HMAC on the entire message
to be sent.

14. The method according to claim 12 or 13, wherein
the MAC value is computed as per RFC2104. 

15. The method according to any of the claims 12-14, 
wherein the method utilizes SHA-1 as the hashing function. 
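The following is an added illustration of claims 9-11 (the server reads the authentication method list the apparatus advertised, selects one method and signals it with the AMI in the data string) together with claims 12-15 (an HMAC per RFC 2104, using SHA-1, computed over the entire message with the integrity key IK). It is example code written for this page, not text or code from the patent or from any SyncML implementation; the AMI values, the `AMI=...;AUTH=...;BODY=...;MAC=...` data-string layout, the server's preference order and the key material are all constructed assumptions, since the claims define none of them.

```python
"""Added example: AMI negotiation plus HMAC-SHA-1 integrity protection.

Field names, AMI encodings, preference order and keys are constructed
for illustration; they are not the SyncML wire format.
"""
import hashlib
import hmac
import secrets

# Hypothetical AMI values (the claims name the methods but define no encoding).
AMI_GSM_SIM = "gsm-sim"
AMI_UMTS_USIM = "umts-usim"
AMI_WPKI = "wpki"
AMI_SECURID = "securid"

# Assumed server preference: UMTS USIM first because it also authenticates
# the server (claim 6), then the remaining methods in a fixed order.
SERVER_PREFERENCE = [AMI_UMTS_USIM, AMI_GSM_SIM, AMI_WPKI, AMI_SECURID]

MAC_MARKER = b";MAC="


def select_method(auth_method_list):
    """Server side of claim 9: read the capabilities the apparatus listed in
    its initialization message and pick the first mutually supported AMI."""
    supported = set(auth_method_list)
    for ami in SERVER_PREFERENCE:
        if ami in supported:
            return ami
    raise ValueError("no mutually supported authentication method")


def build_message(ami, auth_data, body, integrity_key=None):
    """Claims 10/11: the data string carries the AMI and the authentication
    data next to the payload. Claims 12-15: once an integrity key IK exists,
    an HMAC (RFC 2104) with SHA-1 over the entire message is appended."""
    data_string = "AMI={};AUTH={};BODY={}".format(ami, auth_data.hex(), body).encode()
    if integrity_key is None:
        return data_string            # unprotected: before IK is established
    mac = hmac.new(integrity_key, data_string, hashlib.sha1).hexdigest()
    return data_string + MAC_MARKER + mac.encode()


def verify_message(message, integrity_key):
    """Receiver side: recompute the HMAC over everything before the MAC field
    and compare in constant time. Returns the parsed fields, or None when the
    MAC is absent or does not verify (the message must then be discarded)."""
    idx = message.rfind(MAC_MARKER)
    if idx < 0:
        return None
    protected = message[:idx]
    received_mac = message[idx + len(MAC_MARKER):]
    expected_mac = hmac.new(integrity_key, protected, hashlib.sha1).hexdigest().encode()
    if not hmac.compare_digest(expected_mac, received_mac):
        return None
    fields = {}
    for part in protected.decode("ascii").split(";"):
        name, value = part.split("=", 1)
        fields[name] = value
    fields["AUTH"] = bytes.fromhex(fields["AUTH"])
    return fields


def demo():
    """Walk through one exchange with constructed values."""
    # Apparatus capabilities as listed in its initialization message (claim 20).
    ami = select_method([AMI_GSM_SIM, AMI_UMTS_USIM])
    # Stand-in for the IK both sides derive during (U)SIM authentication
    # (claim 12); here a random key shared by construction.
    ik = secrets.token_bytes(16)
    auth_data = bytes.fromhex("0102030405060708")   # constructed stand-in
    msg = build_message(ami, auth_data, "Alert", ik)
    ok = verify_message(msg, ik) is not None
    tampered = verify_message(msg.replace(b"BODY=Alert", b"BODY=Alarm"), ik) is None
    wrong_key = verify_message(msg, secrets.token_bytes(16)) is None
    return ami, ok, tampered, wrong_key


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` keeps the MAC comparison constant-time, and a receiver that gets `None` back should drop the message rather than act on the unverified data string. SHA-1 is used here because it is what claims 14-15 specify; in `hmac.new` the digest is a parameter, so `hashlib.sha256` is a drop-in substitute for a deployment today.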

16. The method according to any of the previous 
claims, wherein the protocol is the SyncML-DM protocol or
the SyncML-DS protocol. 

17. The method according to any of the previous
claims, wherein the protocol is the Obex, http, or WSP
protocol.

18. An electronic communication apparatus adapted to
provide authentication when messages are exchanged with a
server according to a synchronization protocol,
characterised in that the apparatus is further adapted to
incorporate an authentication method indicator (AMI) in the
authentication protocol of the synchronisation protocol for
indicating a specific type of authentication method,
according to which the authentication is executed.

19. The apparatus according to claim 18, wherein the
apparatus (1) is further adapted to send an initialization
message to the server for establishing a connection, which
message indicates the authentication capabilities of the
apparatus.

20. The apparatus according to claim 19, wherein the
initialization message comprises an authentication method
list having at least one authentication method listed, type
of apparatus, and/or identity of the apparatus (1).

21. The apparatus according to claim 18, wherein the
apparatus (1) is further adapted to determine the type of 
authentication method to use from the authentication method 
indicator of a message received from the server (31, 41, 
51, 61) . 

22. The apparatus according to any of the claims 18-
21, wherein the apparatus (1) is further adapted to execute
any of the steps necessary according to the specified
authentication method.

23. The apparatus according to claim 22, wherein the
apparatus (1) is further adapted to incorporate any 
authentication data in a data string of the message to be 
sent according to the synchronization protocol. 



24. The apparatus according to any of the claims 18-
23, wherein the apparatus (1) is further adapted to provide
integrity protection by utilizing an IK (integrity key) for
generating a MAC, and utilizing a hashing function for
computing a HMAC on the entire message.



25. The apparatus according to claim 24, wherein the
apparatus (1) is adapted to compute the MAC value as per
RFC2104.

26. The apparatus according to claim 24 or 25,
wherein the apparatus (1) is further adapted to utilize
SHA-1 as the hashing function.

27. The apparatus according to any of the claims 18-
26, wherein the protocol is the SyncML-DM protocol or the
SyncML-DS protocol.

28. The apparatus according to any of the claims 18-
26, wherein the protocol is the Obex, http, or WSP
protocol.

29. The apparatus according to any of the claims 18-
28, wherein the apparatus (1) is further adapted to utilize
GSM SIM authentication as the authentication method.

30. The apparatus according to any of the claims 18-
28, wherein the apparatus (1) is adapted to utilize UMTS
USIM authentication as the authentication method and
provide server authentication.

31. The method according to any of the claims 18-28,
wherein the apparatus (1) is further adapted to utilize
SecurID, SafeWord, WPKI or WIM authentication as the
authentication method.



32. The apparatus according to any of the claims 18-
31, wherein the apparatus is a pager, an electronic
organizer, or a smartphone.
33. The apparatus according to any of the claims 18-
31, wherein the apparatus is a mobile telephone (1).

34. A server adapted to provide authentication when
messages are exchanged with an apparatus (1) according to a
synchronization protocol, characterized in that the server
(31, 41, 51, 61) is further adapted to incorporate an
authentication method indicator (AMI) in the authentication
protocol of the synchronization protocol for indicating an
authentication method, according to which the
authentication is executed.

35. The server according to claim 34, wherein the
server (31, 41, 51, 61) is further adapted to incorporate 
any authentication data in a data string of the 
synchronization protocol. 

36. The server according to claim 34 or 35, wherein
the server (31, 41, 51, 61) is further adapted to determine
from a received initialization message the authentication
capabilities of the apparatus (1) and further determine a
specific authentication method to utilize therefrom.

37. The server according to claim 36, wherein the
server (31, 41, 51, 61) is further adapted to execute 
authentication according to the determined authentication 
method. 

38. The server according to any of the claims 34-37, 
wherein the server (31, 41, 51, 61) is further adapted to 
provide integrity protection by utilizing an IK (integrity 
key) for generating a MAC, and utilizing a hashing function
for computing a HMAC. 
39. The server according to claim 38, wherein the
server (31, 41, 51, 61) is adapted to derive the MAC value
as per RFC2104.

40. The server according to claim 38 or 39, wherein
the server (31, 41, 51, 61) is further adapted to utilize
SHA-1 as the hashing function.

41. The server according to any of the claims 34-40,
wherein the protocol is the SyncML-DM protocol or the
SyncML-DS protocol. 

42. The server according to any of the claims 34-41,
wherein the protocol is the Obex, http, or WSP protocol.

43. The server according to any of the claims 34-42,
wherein the server (31, 41, 51, 61) is further adapted to 
utilize GSM SIM authentication as the authentication 
method. 



44. The server according to any of the claims 34-42,
wherein the server (31, 41, 51, 61) is further adapted to
utilize UMTS USIM authentication as the authentication
method and provide server authentication variable to the
electronic user equipment (1).

45. The server according to any of the claims 34-42,
wherein the server is further adapted to utilize SecurID,
SafeWord, WPKI or WIM authentication as the authentication
method.
ABSTRACT

According to the method of the invention,
authentication of an electronic communication apparatus
capable of communicating data messages with a server
according to a synchronization protocol, such as SyncML, is
provided. The authentication method utilized is specified 
in messages sent between said apparatus and said server by 
an authentication method indicator. Depending on the 
capabilities of the apparatus, the authentication method 
may be different for different apparatuses. Also, an 
electronic communication apparatus and a server for 
carrying out the invention are disclosed. 

To be published together with Fig. 2.